per 

INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) 



(51) International Patent Gassification ^ : 
H04L 9/32, G07F 7/10 



(11) International Publication Number: 
(43) International Publication Date: 



WO 93/07697 

15 April 1993 (15.04.93) 



(21) International Application Number: PCT/SE92/00656 

(22) International Filing Date: 23 September 1992 (23.09.92) 



30 September 1991 (30.09.91) SE 



(71) Applicant (for all designated States except US): COMVIK 
GSM AB [SE/SE]; P.O. Box 123, S-126 23 Hagersten 
(SE). 



(72) 

(75) Inventors/Applicants (for US only) : JULIN, Tomas [SE/ 
SE]; Andvagen 32, S-184 61 Akersberga (SE). ALM- 
GREN, Bjom [SE/SE]; Svartviksslingan 87, S-161 29 
Bromma (SE). SANDBERG, Leif [SE/SE]; Jantans vag 
14, S-132 35 Saltsjo-Boo (SE). 



(74) Agent: AWAPATENT AB; P.O. Box 45086, S-104 30 
Stockholm (SE). 



(81) Designated States: AU, CA, FI, JP, NO, US, European pa- 
tent (AT, BE, CH, DE, DK, ES, FR, GB, GR, IE, IT, 
LU, MC, NL, SE). 



Published 

With international search report. 



(54) Title: METHOD FOR PERSONALISATION OF AN ACTIVE CARD 



PRINTER 



I 

CUSTOMER 



(57) Abstract 

Personalisation of an active so-called SIM card (1 1) for a mobile telephone system of GSM type is effected in a place (3) 
connected to the, central computer (1) of the system via a communication network (2). The card identity IMSI and the card au- 
thentication key Ki are transferred in line-encrypted form (DES) to terminal equipment (9) in said place, where the card (11) is 
inserted in a reader (10). After line decryption (12, 13), the result thereof is transferred to the card in a manner to prevent unau- 
thorised listening-in. This can be done in a safety box or by double encryption (A3/A8) of IMSI and Ki, the decryption thereof 
being performed within the card by means of a unique card key Ksim. 
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TITLE OF THE IhfVENTION 
Method for personalisation of an active card 

TECHNICAL FIELD 

5 The present invention relates to a method for perso- 

nalisation of an active subscriber card, a so-called SIM 
card, for use in a mobile telephone system, comprising a 
central computer, the unique identity of the card, so- 
called IMSI, and the unique authentication key of the 

10 card, so-called Ki, being stored in the card from the cen- 
tral computer. The invention is especially applicable to a 
mobile telephone system of GSM type and will be described 
in more detail with reference thereto, although it is 
obvious that the invention is also applicable to other 

15 mobile telephone systems of similar type. 

TECHNICAL BACKGROUND 
In mobile telephone systems, in which the mobile 
units are controlled by active cards assigned to the sub- 
20 scribers, the personalisation of the respective card con- 
stitutes an essential procedure which is. safeguarded by 
rigorous security measures and which includes activating 
the card and loading it with IMSI and Ki, and preferably 
also a so-called PUK code Personal Unblocking Key). It is 
25 essential that this loading be effected in a safe manner 
to prevent unauthorised people from having access thereto. 

In view hereof, the personalisation procedure is car- 
ried out in a central personalisation place or a customer 
service place adjacent the central computer, where it is 
30 possible to meet the high demands on security; 

OBJECT OF THE INVENTION 
The object of the present invention is to provide 
a method making it possible, still in a safe manner, to 
35 effect the personalisation procedure in other places than 
the above-mentioned central place, whereby a number of 
advantages can be gained. 
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SUMMARY OF THE INVENTION 
The above-mentioned object is achieved by a method 
which according to the invention has the features stated 
in. the appended claims. 

According to the invention, the storage procedure 
should thus be carried out when the card is in a persona- 
lisation place remotely connected to the central computer 
via a data communication network, especially a retail 
place, the card being inserted in a reader associated with 
data terminal equipment connected to the data communica- 
tion network, IMSI and Ki and preferably also PUK being 
transferred in line-encrypted form from the central com- 
puter to the data terminal equipment where line decryption 
is performed, and the result of the line decryption being 
transferred to the SIM card in a manner to prevent 
unauthorised listening-in. 

A distributed personalisation of this type makes it 
possible to divide up IMSI number series geographically, 
which is a major advantage in that the network signalling 
is simplified or reduced, and also in that the service 
level towards a new subscriber can be kept very high. In 
fact, the personalisation can be effected directly and 
without any waiting times conditioned by the dispatch of 
cards, code envelopes etc., from a central place. The 
direct communication with the central computer also makes 
it possible to provide for different special services in 
a rapid and simple manner. 

The transfer of the result of the line decryption to 
the SIM card in a safe manner can be carried out in diffe- 
rent ways. 

According to a first conceivable alternative, the 
line decryption and the result transfer to the SIM card 
take place in a physically sealed space, into which any 
attempt of unauthorised intrusion means that relevant 
information is erased and that the process is interrupted 
and cannot be continued without special security measures 
being taken. Mechanical and electronic protection of this 
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kind can be achieved by means of a special safety box, in 
which the circuitry concerned is enclosed during the 
personalisation procedure. 

According to a second conceivable alternative, the 
5 result of the line decryption is transferred to the SIM 
card in encrypted form, at least in respect of Ki. This is 
preferably done by encrypting Ki and preferably also PUK 
and optionally IMSI an extra time in the central computer 
before the line-encrypted transfer to the personalisation 

10 place, the result of the line decryption transferred to 
the SIM card being decrypted within the SIM card by means 
of a card key Ksim, which has suitably been stored in the 
SIM card in connection with the manufacture thereof. This 
card key Ksim is preferably unique to the respective card. 

15 The decryption in the SIM card here takes place 

advantageously by means of the card key and a secret algo- 
rithm, especially being the algorithm which is intended 
for encryption/decryption in connection with the regular 
use of the card in the mobile telephone system, and on 

20 which there is information in the central computer. Advan- 
tageously, the algorithm is of type A3/A8 according to GSM 
recommendation . 

According to the invention, it is preferred that the 
central computer before the double encryption calculates 

25 the required Ksim, using SIM-card identification trans- 
ferred from the personalisation place, the "master key" by 
means of which the SIM card is manufactured and the per- 
taining algorithm. 

It is understood that the central computer may have 

30 been separately supplied with information on both said 
master key and the algorithm concerned for new SIM cards 
after the manufacture thereof with the card manufacturer. 

It is however also possible that the above-mentioned 
SIM-card identification transferred to the central com- 

35 puter may contain such information that the central com- 
puter can conclude on the basis thereof which master key 
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(among a ninnber of possible ones) and which algorithm 
(among a number of possible ones) are at issue. 

This obviously means that the key Ksim, for enhanced 
security, can be modified during the continuous manufac- 
ture of the SIM cards. 

The above-mentioned SIM-card identification may con- 
sist of the serial number of the card, which then can 
include special fields with information on e.g. master key 
and/or the algorithm concerned. 

It is understood that, for further enhanced security, 
it is possible to combine the two alternatives described 
above. 

According to the invenion, it is further advantageous 
to control the personalisation procedure by means of an 
active personalisation card which is inserted in a reader 
associated with the data terminal equipment and which con- 
tains at least parts of the line-encryption function, 
especially a pertaining key, preferably also the pertain- 
ing algorithm. 

Anyone who handles the personalisation procedure 
(e.g. a retailer) can thus have his own unique active 
card, which can thus be used both for authorisation checks 
(active and passive authentication), and as an encrypting 
unit. Everybody can then have an individual encryption key 
for further enhanced security. 

Further features of the invention will appear from 
the following description of exemplifying embodiments with 
reference to the accompanying drawings. 

BRIEF DESCRIPTION OF THE DRAWINGS 
Fig. 1 is a diagrammatical general view illustrating 
an embodiment of the method according to the invention. 

Fig. 2 is a block diagram which illustrates in more 
detail the embodiment of Fig. 1. 

Fig. 3 is a block diagram illustrating another embo- 
diment of the method according to the invention. 
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DESCRIPTION OF EMBODIMENTS 
In Fig. 1, reference niamber 1 designates, in a mobile 
telephone system, a central computer which via a data com- 
munication network 2 communicates with a number of retai- 
5 lers 3, 4, 5, 6, and which also communicates with a cus- 
tomer service place 7. 

Each retailer has data terminal equipment 9, to which 
are connected a reader 10 for SIM cards 11 and line- 
encryption equipment 12, 13 consisting of a reader 12 and 
10 an active retailer card 13. A keyboard 14 for entering a 
PIN code in a SIM card concerned is connected to the 
reader 10. 

The central computer 1 contains means 15 for calcu- 
lating Ksim on the basis of card information ICC- ID trans- 

15 f erred from the retailer place, means 16 for generating 

IMSI, Ki and PUK, means 17 for encrypting the latter ones, 
using the key Ksim and an A3/A8 algorithm, and means 18 
for DES line encryption. 

The central computer provides information about PUK 

20 to the customer service place 7, which on a printer 19 
prints out a letter 20 with infoimation about this. This 
letter is sent by post to the customer concerned. 

The function according to the invention will now be 
described in more detail with reference also to Fig. 2. 

25 The systems operator 21 informs the card manufacturer 

22 and the central computer 1 about master key, DES and 
A3 /AS algorithms, and the central computer also about the 
retailer card key Kl. The card manufacturer calculates 
Ksim for the respective card in a series to be sent to a 

30 certain retailer 3 based on the DES algorithm, the master 
key and the card serial number, Ksim and the A3 /AS algo- 
rithm are loaded in the card along with card serial num- 
bers before the card is sent to the retailer. 

From the systems operator, the retailer receives his 

35 personal active card 13 with the pertaining entered card 
key Kl and DES algorithm for the line encryption, about 
which the central computer thus holds information. 
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When a retailer is to personalise a new SIM card for 
a new subscriber, he starts by inserting his active card 
13 in a reader 12 associated with the retailer terminal 
and logs in in customary manner, the active card serving 
as authentication means (optionally together with a PIN 
code which is unique to the retailer and which is inputted 
on the terminal keyboard), thus verifying the authori- 
sation of the retailer. 

A new SIM card 11 is now inserted in the pertaining 
reader 10, card-indentifying information ICC- ID being 
transferred from certain fields, preprogrammed during the 
manufacture of the card, in the SIM card via the retailer 
terminal 9 and the network 2 to the central computer 1. 
Other relevant subscriber data are inputted via the key- 
board of the terminal and transmitted to the central com- 
puter for customary checking, etc. If the subscriber is 
accepted, the number MSISDN selected or accepted by the 
subscriber is also transmitted to the central computer. 

In the central computer, Ksim is calculated on the 
basis of the information received on master key, serial 
number and DES algorithm. Ki and PUK are generated as 
random numbers. IMSI is allocated from the IMSI series 
prepared for the retailer or the area to which the retai- 
ler belongs. 

IMSI, Ki and PUK are encrypted using Ksim and the 
selected A3/A8 algorithm. The thus-encrypted IMSI, Ki and 
PUK and other data to be transferred are thereafter line 
encrypted using the key KI and the DES algorithm, and 
transferred via the data communication network to the 
retailer terminal, where line decryption occurs using the 
card key KI and DES algorithm of the retailer's active 
card 13- 

Via the reader 10, the other data now decrypted can 
be loaded directly in the SIM card, while IMSI, Ki and 
, PUK, still in encrypted form, are transferred to the SIM 
card for decryption therein, using the card key Ksim and 
the pertaining A3/A8 algorithm. Advantageously, this algo- 
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rithm is identical with the algorithm which is intended 
for the regular use of the card and which is unique to the 
systems operator and can be varied for different card 
series, if desired. 
5 After decryption, IMSI, Ki and PUK are loaded in the 

pertaining data field in the SIM card. 

Via the PIN keyboard 13, the subscriber can himself 
load an optional PIN code in the SIM card in a strictly 
confidential manner. The card is thus ready for use. The 

10 PUK code assigned by the central computer is sent to the 
subscriber by post after a day or two. 

The alternative embodiment of the invention shown in 
Fig. 3 differs from that in Figs 1 and 2 by the absence of 
the double encryption procedure. The transfer of Ki, IMSI 

15 and PUK to the SIM card 11 after line decryption, which 
occurs by means of the retailer card 13 inserted in its 
reader 12, instead occurs in a protected manner, by the 
card reader 12 with its card 13 and the SIM card 11 in its 
reader 10 (connected to the reader 12) being mechanically 

20 and electronically protectively enclosed in a safety box 
31 during the personalisation procedure. 

As readily appreciated by those skilled in the art, 
the safety box 31 may be designed in many different ways, 
which also applies to the means which should be provided 

25 for interrupting the procedure and erasing sensitive data 
in the case of an attempted intrusion into the safety box. 

It is understood that the two alternatives described 
above can be combined, if additional security is desired 
in the retailer place and/or during the transfer via the 

30 data communication network. 



35 
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CLAIMS 



1. Method for personalisation of an active card, a 
so-called SIM card, for use in a mobile telephone system, 
especially of GSM type, comprising a central computer, the 
unique identity of the card, so-called IMSI, and the 
unique authentication key of the card, so-called Ki, being 
stored in the card from the central computer, char- 
acterised by carrying out the storage procedure 
when the card is in a personalisation place remotely con- 
nected to the central computer via a data communication 
network, e.g. a retail place, the card being inserted in 

a reader associated with data terminal equipment connected 
to the data communication network; transferring IMSI and 
Ki in line-encrypted form from the central computer to the 
data terminal equipment, where line decryption occurs? and 
transferring the result of the line decryption to the SIM 
card in a manner to prevent unauthorised listening-in, at 
least in respect of Ki. 

2. Method as claimed in claim 1, character- 
ised in that the line decryption and the result trans- 
fer to the SIM card are performed in a physically sealed 
space, such as a safety box, into which any attempt of 
unauthorised intrusion results in the erasure of relevant 
information. 

3. Method as claimed in claim lor2, charac- 
terised in that the result of the line decryption 
is transferred in encrypted form to the SIM card. 

4. Method as claimed in claim 3, character- 
ised in that Ki and preferably also IMSI are double- 
encrypted in the central computer before the transfer to 
the personalisation place, the result of the line decryp- 
tion transferred to the SIM card being decrypted in the 
SIM card by means of a card key Ksim, which has preferably 
been stored in the SIM card in connection with the manu- 
facture thereof. 
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5. Method as claimed in claim 4, character- 
ised in that the decryption in the SIM card is per- 
formed by means of a key Ksim unique to the card, and an 
algorithm intended for the regular use of the card. 
5 6. Method as claimed in claim 5, character- 

ised in that the central computer, before the encryp- 
tion, calculates Ksim, using SIM-card identification 
transferred from the personalisation place, the master key 
with which the SIM card is produced and on which informa- 
10 tion has been entered in the central computer, and the 
pertaining algorithm. 

7. Method as claimed in any one of the preceding 
claims, characterised in that it is con- 
trolled by means of an active personalisation card which 

15 is inserted in a reader pertaining to the data terminal 
equipment and which contains at least parts of the line- 
encryption function. 

8. Method as claimed in claim 7, character- 
ised in that use is made of a personalisation card 

20 with a DES algorithm. 

9. Method as claimed in claim 2 and claim 7 or 8, 
characterised in that the two readers and the 
path of communication therebetween are placed in said phy- 
sically sealed space. 

25 10. Method as claimed in any one of the preceding 

claims, characterised in that a so-called 
PIN code is stored in the active SIM card by means of a 
keyboard pertaining to the data terminal equipment. 

11. Method as claimed in any one of the preceding 

30 claims, characterised in that a so-called 
PUK code is transferred from the central computer to the 
SIM card in. the same way as defined for Ki. 



35 
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